WEBC2-YAHOO (d49f372e-c4ee-47bd-bc98-e3877fabaf9e)
The WEBC2 malware family is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor attempts to interpret the data between those tags as commands. The WEBC2-YAHOO variant enters a loop in which, every ten minutes, it attempts to download a web page that may contain an encoded URL. The encoded URL is found in the returned page inside an attribute named 'sb' or 'ex' within a tag named 'yahoo'. The embedded link can direct the malware to download and execute files.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
WebC2-Yahoo (52c1518d-175c-4b39-bc7c-353d2ddf382e) | Malpedia | WEBC2-YAHOO (d49f372e-c4ee-47bd-bc98-e3877fabaf9e) | Tool | 1 |